2017
01 DIRTYTOOTH: IT’S ONLY ROCK’N’ROLL, BUT I LIKE IT!

Bluetooth communications are on the increase. Millions of users use the technology to connect to peripherals that simplify tasks and provide greater comfort and a better experience. There is a trick or hack for iOS 10.2.1 and earlier that takes advantage of the way profiles are managed, with a great impact on the privacy of millions of users who use Bluetooth technology daily. From the iOS device information leak caused by the incorrect management of profiles, a lot of information about the user and their background may be obtained.

02 THE BICHO - AN ADVANCED CAR BACKDOOR MAKER

Attacks targeting connected cars have already been presented in several conferences, as well as different tools to spy on CAN buses. However, there have been only a few attempts to create something similar to a useful backdoor for the CAN bus. Moreover, some of those proofs of concept were built upon Bluetooth technology, limiting the attack range and therefore tempering its effects. Those things are old! Throughout our research we have successfully developed a hardware backdoor for the CAN bus, called 'The Bicho'. Its powerful capabilities render it a very smart backdoor. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? The Bicho makes it all possible. All the 'magic' is in the assembler-coded firmware we developed for a PIC18F2685 microcontroller. Additionally, our hardware backdoor has an intuitive graphical interface, called 'Car Backdoor Maker', which is open-sourced and allows payload customization. The Bicho supports multiple attack payloads and it can be used against any vehicle that supports CAN, without limitations regarding manufacturer or model. Each one of the payloads is associated with a command that can be delivered via SMS, allowing remote execution from any geographical point. Furthermore, as an advanced feature, the attack payload can be configured to be automatically executed once the victim's vehicle is proximate to a given GPS location. The execution can also be triggered by detecting the transmission of a particular CAN frame, which can be associated with the speed of the vehicle, its fuel level, and some other factors, providing the means to design highly sophisticated attacks and execute them remotely.

03 HACKING ROBOTS BEFORE SKYNET

Robots are going mainstream. In the very near future robots will be everywhere, on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, and interacting closely with our families in a myriad of ways. Similar to other new technologies, we’ve found robot technology to be insecure in a variety of ways, and that insecurity could pose serious threats to the people, animals, and organizations they operate in and around. This talk is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. While we assist the vendors in addressing the cybersecurity vulnerabilities identified, we want to describe the currently available technology, some of the threats posed by a compromised robot, and the types of cybersecurity issues we discovered. The goal is to make robots more secure and prevent vulnerabilities from being used maliciously by attackers to cause serious harm to businesses, consumers, and their surroundings.

04 BIOHACKING AND ROBOTICS LAB SCL, BREAKING PARADIGMS

We are in the Fourth Industrial Revolution, and we are no strangers to the surprising technological advances that bring impacts affecting millions of people and a great paradigm. Humans have reached new limits, from fiction to super-development, augmenting their 'human' capabilities. Disruptive technologies (robotics, artificial intelligence, the construction of complex systems and neural networks) mean that, out of entropy, cybernetics begins to fulfil its role. At Robotics Lab we built Over Mind, a system that uses a helmet and brain signals to let people with disabilities move a wheelchair, turn on lights and control home automation, among other applications, giving bedridden people or those without autonomy the ability to move freely. Biohacking made in Chile.

05 OFFENSIVE IOT - ALL YOUR DEVICE BELONG TO US (EXPLOITING)

Cybercriminals currently use routers, cameras and any other device that connects to the internet to build botnets, mine bitcoins and carry out DDoS attacks, among other things. The talk focuses on the exploit development process in a practical and dynamic way, evading different security measures implemented on embedded devices: bypassing ASLR, return-oriented programming (ROP gadgets), return-to-libc (R2L), the use of tools for identifying ARM/MIPS architectures, and extracting information from firmware (binaries).

06 MONEY MAKES MONEY: HOW TO BUY AN ATM AND WHAT YOU CAN DO WITH IT

In 1967 Lloyds introduced the first cash dispenser to London. Some 50 years later, contactless payments and online transactions are our go-to methods to pay for goods and services. As we head ever closer to a cashless society, how relevant are threats to ATMs today? What are the risks and the rewards? If a security professional or bad guy wanted to buy an ATM for research purposes, would it even be possible? I’ll show you how you can buy your own ATM for a lot less $$ than you thought. In this talk, I’ll discuss the exact steps I took to buy an ATM legally. I’ll discuss the challenges of acquiring, moving and storing an ATM and just how easy it is to hack an ATM once you have it.

07 MALICIOUS MACROS FOR MACOS/OSX

Although some people were known to be aware that malicious macros for Mac existed, they had not been seen as an attack vector in a targeted campaign until this year with. An old enemy of Microsoft Windows users now returns to threaten MacOS/OSX users. Users and organizations must understand the risk of malicious macros on this platform, but not many know about the changes Microsoft has introduced to mitigate this risk. Office 2016 runs in a sandbox, and even if users run macros, attackers will not be able to access the user's files. But has everyone migrated to Office 2016? Has this version mitigated malicious macros effectively? Are Office 2016 users safe? This talk covers how macros for Mac work, attack vectors against Office 2011 users, the protection mechanisms introduced in Office 2016, and how to abuse functionality to carry out phishing attacks and access user files. It will also cover Macphish, a tool that generates malicious AppleScript scripts and will help us during social engineering tests against targets that use MacOS/OSX.

08 A GAME OF PWNS

What we can learn about cyber war tactics from the ongoing state-sponsored cyber attacks, and what should be addressed first in our network protection model. The talk draws similarities with tactics shown in the series 'A Game of Thrones' and might contain spoilers from hackers' leaked episodes, if any have been released by then.

09 ATMITCH, MONEY FOR NOTHING AND YOUR DRILLS FOR FREE

One day bank employees discovered an empty ATM: there was no money, no traces of physical interaction with the machine, and no malware. Since fileless malware leverages the existing legitimate tools on a machine to remotely send the command to dispense the money, an operation that is very quick, just a few seconds are enough to empty the ATM without leaving traces. Some solutions, such as remote-controlled malware and Bluetooth keyboards, seem elegant. However, at other times it is necessary for the attackers to physically access the ATM, for example by drilling a golf-ball sized hole in the front panel. Any one part of the ATM could control all the other parts, with no authentication between parts (so any of them could be replaced without the others noticing), and the commands used to control them are rather easy to understand. Does that feel secure? Meet ATMitch, hardware hacking and jackpotting gone wild.

10 EXPLOITING 0LD MAG-STRIPE INFORMATION WITH NEW TECHNOLOGY

Private companies, banks, trains, subways, hotels, schools and many other services are still using magstripe information to make monetary transactions, authorize access or generate 'new' protocols like MST (Magnetic Secure Transmission). For decades the exploitation of magstripe information was an acceptable risk for many companies because carrying out massive simultaneous attacks was not feasible. But today is different. Transmitting magstripe information in audio files is the fastest and easiest way to make a cross-platform magstripe spoofer. But how could an attacker transmit the audio spoof information to many magnetic card readers at the same time? In this talk, we will discuss how an attacker could send specific data or achieve a magstripe jammer for credit card terminals, PoS or any card reader. We will also discuss how it could be implemented to generate brute force attacks against hotel door locks or tokenization processes, as examples.

11 SCADA HMI - THE HACKER-MACHINE INTERFACE

Most SCADA talks focus on the subtleties and nuances of the SCADA architecture, such as protocol errors and network architecture. This talk, instead, focuses on real-world weaknesses and vulnerabilities affecting SCADA Human Machine Interface (HMI) solutions. All of the research and evidence covered in the presentation impacts the largest SCADA vendors in the world and has resulted in numerous vulnerability disclosures through ICS-CERT. It includes an analysis of more than 250 security vulnerabilities in SCADA HMI systems from 2015-2016, based primarily on cases handled by the ZDI, and focuses on critical remote code execution vulnerabilities in these systems. We describe multiple design and code vulnerabilities in detail within existing SCADA HMI systems. The talk also provides guidance to vendors on hardening their code and gives paths to researchers to help them find more vulnerabilities.

12 NOT EVERYTHING IS DNS - SOFTWARE ENUMERATION IN MODERN TIMES

With the boom in bug bounties, a number of projects have emerged that aim to enumerate nodes within a network through the DNS protocol. The next step is to discover which services are available using a port scanner, and then what? In security, knowing the software used by the target system increases the chances of a successful attack. However, solutions such as Wappalyzer or WhatWeb have not evolved at the same pace as web trends in recent years. Single Page Applications, minifiers, uglifiers and intensive use of JavaScript make clumsy the solutions that still try to detect software using regular expressions over page bodies that no longer exist. These reasons motivated the development of detectem, an open-source web software detection project for modern times. Using a headless browser, it applies a series of techniques to recognize software passively and deliver reliable results. It also has a plugin architecture to make third-party development and participation easier.

13 THE GENESIS OF HACKING - JAMES BOND, HQIBPEXEZMUG, AND ALMOST THE THIRD WORLD WAR

Did you know that cryptanalysis was used both to start and to end world wars? And that a bug in an algorithm almost caused an atomic holocaust? Is computer security child's play, a microclimate, or a powerful tool capable of generating conflicts on a global scale? In a world in which artificial intelligence is gaining votes and followers, are those responsible up to the possible consequences? We will present all these answers from a historical perspective, starting from the First World War and continuing to the present day. All this and much more in this open talk on historical revisionism and the foundations of technological evolution.

14 LIVE FIRE LESSONS LEARNED: RSA CONFERENCE SOC AND BLACK HAT NOC VS CONSTANT ADVANCE PERSISTENT THREATS

Ever wonder how the major security conferences deal with the threats and attacks they face? Every year 40,000 IT security professionals attend RSA Conference and 10,000 attend the Black Hat Conference. This self-selected vanguard of the industry’s best cybersecurity warriors – and hackers – frequently seeks to draw attention to new threats and vulnerabilities in very concrete ways. In addition to showing hacks to voting systems and IP-enabled cars in conference sessions, attendees have sought, on location, to breach everything from Wi-Fi networks to hotel billing systems and the lobby ATM. Come hear the first-hand experience of protecting against a constant barrage of some of the most advanced persistent threats: attacks on the RSA Conference and Black Hat Conference networks. This session will share the process and learnings from staging and managing security operations – where the top global security experts are both predator and prey.